Privacy Policy

LendPathway is a document intelligence platform built for underwriters. It automates the extraction and analysis of financial documents so teams can make faster, more accurate funding decisions. Users upload or sync documents like bank statements and tax returns, and our platform processes them into structured financial data and analysis reports.

LendPathway is a multi-tenant B2B platform. Each organization's data is isolated at the application layer. Users can only access documents, reports, and settings that belong to their own organization. There is no cross-tenant data access.

The only thing required to use LendPathway is signing in. Everything else is opt-in.

Each optional integration requires its own separate OAuth 2.0 consent flow. You can use LendPathway without enabling any of them, and you can disconnect them at any time.

LendPathway uses Auth0 for authentication. You can sign in with your Google account or your Microsoft account (via Microsoft Entra).

When you sign in, Auth0 receives your name, email address, and profile picture from your identity provider to create and manage your LendPathway account. This is a standard identity handshake. LendPathway never sees or stores your Google or Microsoft password, and sign-in does not grant us access to your email, files, calendar, contacts, or any other account data.

Gmail (Opt-In)

When you choose to connect your Gmail account, LendPathway requests read and send access to your Gmail. This powers several features within the platform.

Read access allows LendPathway to search your inbox, view email threads and message content, and download attachments for processing through our document analysis pipeline.

Send access allows LendPathway to send emails on your behalf when you initiate them from within the platform, such as document requests or status notifications. Both capabilities are granted together when you connect and both are removed when you disconnect.

How we use Gmail data. Gmail data is used to locate, retrieve, and process financial documents for underwriting analysis, and to send emails you initiate through the platform. We access message content and metadata to identify relevant documents and to power inbox and thread views within the app. Gmail data is accessed and processed on behalf of the user who connected their account and is used solely to provide features within LendPathway that the user has chosen to enable.

Google Drive (Opt-In)

When you choose to connect your Google Drive, LendPathway can export files to your Drive, including analysis reports and spreadsheet summaries. The integration also reads basic metadata (file names and IDs) of spreadsheets in the connected account to support export workflows.

What We Do Not Do with Google Data

• We do not sell, rent, or transfer Google user data to third parties for advertising, marketing, or any purpose unrelated to providing the LendPathway service.
• We do not use Google user data to serve ads, including retargeting or interest-based advertising.
• We do not use Google user data to train AI or machine learning models.
• We do not allow humans to read your Google user data except where you provide consent (such as when requesting technical support), where necessary for security purposes, or where required by law.

Google API Services Limited Use Disclosure

LendPathway's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Token Storage and Disconnection

When you connect a Google integration, your OAuth access and refresh tokens are stored securely in our database on the server side. When you disconnect an integration from within LendPathway, the associated tokens and connection records are permanently deleted from our systems.

Revoking Access

You can disconnect Gmail or Google Drive from within LendPathway at any time. You can also revoke access directly from your Google Account permissions page. Either action stops all data access and sending activity immediately.

In addition to data accessed through integrations, LendPathway collects:

We use the data we collect to operate and improve the LendPathway platform. Specifically:

• To authenticate you and manage your account.
• To process financial documents through our analysis pipeline and deliver results.
• To power Gmail and Google Drive features you have opted into.
• To send transactional communications about your account and the service.
• To monitor platform performance and fix issues.
• To comply with legal obligations.

We do not use your data for advertising, profiling, or any purpose unrelated to providing and improving the LendPathway service.

All data in LendPathway is scoped to your organization. Every document, report, and setting is bound to the organization it belongs to. Users in one organization cannot see, search, or interact with another organization's data.

LendPathway uses third-party AI providers, including Google Gemini and OpenAI, to power document parsing and analysis. When a document is processed, relevant content is sent to these providers' APIs for analysis and the results are returned to our platform. These providers process data according to their enterprise agreements and do not use your data for model training under our terms with them.

All other application data (accounts, documents, reports, integration tokens) remains within our own infrastructure.

For organizations that require complete data residency control, LendPathway offers an on-premises deployment option. Self-hosted deployments keep all data and all processing, including AI, entirely within your own infrastructure.

LendPathway does not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share data only in the following circumstances:

We retain your data for as long as your account is active or as needed to provide the service. If you close your account or request deletion, we will delete your personal data and documents from our active systems. Some data may be retained in backups for a limited period before those backups are cycled out. We may also retain certain data as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

Depending on where you are located, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Request deletion of your personal data.
• Request a copy of your data in a portable format.
• Object to or restrict certain processing of your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or sooner where required by applicable law.

You can disconnect Google or Microsoft integrations from within LendPathway at any time. You can also manage connected apps directly from your Google or Microsoft account settings.

LendPathway complies with applicable data protection regulations including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) where applicable.

LendPathway does not sell your personal information and has not sold personal information in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising.

LendPathway is a business-to-business platform and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

We may update this policy to reflect changes in our practices or for legal reasons. When we make material changes, we will update the date at the top of this page and notify active users by email.